Best Practices Guide: Using DNS Data for Threat Intelligence and Incident Forensics

Overview: Cybercrime represents a major threat to both government and businesses, costing the economy hundreds of billions of dollars in losses every year. Often, the most challenging part for an investigator is discovering the "who" behind an attack. Is it a coordinated attack orchestrated by a criminal syndicate, or an amateur hacker looking for a backdoor into your network? If the actual individual cannot be identified, as is too often the case, then investigators can build a Threat Intelligence Profile on the suspect that uniquely "fingerprints" the organization and how it acts. Threat investigators need to use all the tools at their disposal to identify the individuals and organizations involved in an online attack. DNS and Whois data are essential tools that should be leveraged by every incident response team.

This guide will show you how DomainTools products can be applied during the course of an investigation to identify the perpetrator, build a profile of a cyber-attack, and proactively protect your data, infrastructure and intellectual property.